pwn 0.5.12 → 0.5.14
- checksums.yaml +4 -4
- data/Gemfile +4 -4
- data/README.md +3 -3
- data/bin/pwn_openvas_vulnscan +17 -11
- data/lib/pwn/plugins/baresip.rb +4 -24
- data/lib/pwn/plugins/dao_mongo.rb +1 -1
- data/lib/pwn/version.rb +1 -1
- metadata +8 -22
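--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f4d7b49643615ac659c6e353df43344d16d7493733d6340401307e16665867b9
+data.tar.gz: c0ce6888a69879255a2521b05f092d8468159c0e53f10af3595b920d2e4923d2
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 02be3e9266a579b45c97c30b735686651920225baf55098fea0351e44988d731d9139d5989d926256c245cd7e808ae86d454a4f12adcd163773c4486ea245744
+data.tar.gz: afd7274cfbdaa8ef552501ef574532748a88f4e0879779852e4e2b234972a37c479f8f0646118c11102c7f0084e103ac42c475eb8a8f78e138b34be34346853d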
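--- a/data/Gemfile
+++ b/data/Gemfile
@@ -18,7 +18,7 @@ gem 'aws-sdk', '3.2.0'
 # gem 'bettercap', '1.6.2'
 gem 'barby', '0.6.9'
 gem 'brakeman', '6.1.2'
-gem 'bson', '
+gem 'bson', '5.0.0'
 gem 'bundler', '>=2.5.6'
 gem 'bundler-audit', '0.9.1'
 gem 'bunny', '2.22.0'
@@ -44,7 +44,7 @@ gem 'jwt', '2.7.1'
 gem 'libusb', '0.6.4'
 gem 'luhn', '1.0.2'
 gem 'mail', '2.8.1'
-gem 'mongo', '2.19.3'
+# gem 'mongo', '2.19.3'
 gem 'msfrpc-client', '1.1.2'
 gem 'netaddr', '2.0.6'
 gem 'net-ldap', '0.19.0'
@@ -68,7 +68,7 @@ gem 'rbvmomi', '3.0.0'
 gem 'rdoc', '6.6.2'
 gem 'rest-client', '2.1.0'
 gem 'rex', '2.0.13'
-gem 'rmagick', '5.4.
+gem 'rmagick', '5.4.3'
 gem 'rqrcode', '2.2.0'
 gem 'rspec', '3.13.0'
 gem 'rtesseract', '3.1.3'
@@ -79,7 +79,7 @@ gem 'ruby-audio', '1.6.1'
 gem 'ruby-nmap', '1.0.3'
 gem 'ruby-saml', '1.16.0'
 gem 'rvm', '1.11.3.9'
-gem 'savon', '2.
+gem 'savon', '2.15.0'
 gem 'selenium-devtools', '0.121.0'
 gem 'serialport', '1.3.2'
 # gem 'sinatra', '4.0.0'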
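Review bot: Commenting out `gem 'mongo', '2.19.3'` in the second hunk drops the driver from the runtime dependencies (the gemspec metadata in this release removes it as well), yet the diffstat shows `lib/pwn/plugins/dao_mongo.rb` still ships with only a one-line change that is not visible on this page. If that plugin still needs the driver, confirm its require is lazy or guarded so a fresh install fails with a clear message rather than a LoadError when the framework loads. The disabled line also carries no explanation; a comment above it such as `# mongo disabled: <reason>; re-enable when <condition>` would tell the next maintainer whether this is temporary.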
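--- a/data/README.md
+++ b/data/README.md
@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.
+pwn[v0.5.14]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.3.0@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.
+pwn[v0.5.14]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.3.0@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.
+pwn[v0.5.14]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`. The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script: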
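--- a/data/bin/pwn_openvas_vulnscan
+++ b/data/bin/pwn_openvas_vulnscan
@@ -3,6 +3,7 @@
 
 require 'pwn'
 require 'optparse'
+require 'yaml'
 
 opts = {}
 OptionParser.new do |options|
@@ -10,6 +11,10 @@ OptionParser.new do |options|
 #{$PROGRAM_NAME} [opts]
 "
 
+options.on('-cYPATH', '--yaml-config=YPATH', '<Required - YAML Config Containing Username & Password for Authentication>') do |c|
+opts[:yaml_config] = c
+end
+
 options.on('-tTASK_NAME', '--task-name=TASK_NAME', '<Required - Task Name to Start>') do |t|
 opts[:task_name] = t
 end
@@ -18,14 +23,6 @@ OptionParser.new do |options|
 opts[:report_dir] = d
 end
 
-options.on('-uUSERNAME', '--username=USERNAME', '<Required - Username to AuthN>') do |u|
-opts[:username] = u
-end
-
-options.on('-pPASSWORD', '--password=PASSWORD', '<Optional - Password to AuthN (Will Prompt if nil)>') do |p|
-opts[:password] = p
-end
-
 options.on('-fFILTER', '--report-filter=FILTER', '<Optional - GVM Results Filter (Default: "apply_overrides=0 levels=hml rows=1000 min_qod=70 first=1 sort-reverse=severity")>') do |p|
 opts[:password] = p
 end
@@ -43,11 +40,20 @@ raise "#{report_dir} Does Not Exist." unless Dir.exist?(
 report_dir
 )
 
-
-
+yaml_config = opts[:yaml_config]
+
+raise "YAML Config Not Found: #{yaml_config}" unless File.exist?(yaml_config)
+
+yaml = YAML.load_file(
+yaml_config,
+symbolize_names: true
+)
+
+username = yaml[:username]
+password = if yaml[:password].nil?
 PWN::Plugins::AuthenticationHelper.mask_password
 else
-
+yaml[:password].to_s.scrub
 end
 
 report_filter = opts[:report_filter]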
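Review bot: The credential-loading lines added in the last hunk do not validate what they read: unless lines outside the hunks already check it, a missing `--yaml-config` (labelled Required) reaches `File.exist?(nil)` and fails with a TypeError, and an empty or non-mapping YAML file makes `yaml[:username]` raise NoMethodError instead of a clear message. Guards such as `raise 'ERROR: --yaml-config is required' if yaml_config.nil?` before the existence check and `raise "#{yaml_config} must be a YAML mapping" unless yaml.is_a?(Hash)` after the load would cover both. Because the file now holds the scanner password in clear text, the option help or README should tell operators to keep it readable by its owner only (mode 0600). Writing `YAML.safe_load_file(yaml_config, symbolize_names: true)` would state the no-object-deserialisation intent explicitly rather than relying on the Psych default of whichever Ruby runs the script. Separately, the unchanged `--report-filter` handler in the third hunk still assigns `opts[:password] = p`, so `report_filter = opts[:report_filter]` appears to stay nil now that the password option is gone; `opts[:report_filter] = p` looks like the intended line.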
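--- a/data/lib/pwn/plugins/baresip.rb
+++ b/data/lib/pwn/plugins/baresip.rb
@@ -454,13 +454,8 @@ module PWN
 puts cmd_resp.xpath('//pre').text
 
 puts red
-#
-
-forbidden = 'session closed: 403'
-terminated = 'terminated (duration:'
-# unavail = '503 Service Unavailable'
-unavail = 'session closed: 503'
-not_found = 'session closed: 404'
+# Hangup if session is closed.
+session_closed = ': session closed'
 
 reason = 'recording limit reached'
 seconds_recorded = 0
@@ -474,23 +469,8 @@ module PWN
 line.include?('ua: using best effort AF: af=AF_INET')
 end
 
-if dump_session_data.select { |s| s.include?(
-reason =
-break
-end
-
-if dump_session_data.select { |s| s.include?(terminated) }.length.positive?
-reason = 'call terminated by other party'
-break
-end
-
-if dump_session_data.select { |s| s.include?(unavail) }.length.positive?
-reason = 'SIP 503 (service unavailable)'
-break
-end
-
-if dump_session_data.select { |s| s.include?(not_found) }.length.positive?
-reason = 'SIP 404 (not found)'
+if dump_session_data.select { |s| s.downcase.include?(session_closed) }.length.positive?
+reason = dump_session_data.find { |s| s.downcase.include?(session_closed) }
 break
 end
 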
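Review bot: Collapsing the four status checks into the single `': session closed'` match in the second hunk drops the old `'terminated (duration:'` case, so a call ended by the other party may no longer break the loop and would then run until the recording limit, unless baresip also prints a session-closed line for that event. If it does not, keep that marker next to the new one, for example `closed = dump_session_data.find { |s| s.downcase.include?(session_closed) || s.include?('terminated (duration:') }` followed by `if closed` and `reason = closed`, which also avoids scanning the array twice with `select` and then `find`. `reason` now carries a raw line of session output from the remote side instead of a fixed string, so whatever later logs or reports it should treat it as untrusted text. The enclosing method starts and ends outside both hunks.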
data/lib/pwn/version.rb
CHANGED
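--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-version: 0.5.
+version: 0.5.14
 platform: ruby
 authors:
 - 0day Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-02-
+date: 2024-02-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport
@@ -100,14 +100,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version:
+version: 5.0.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version:
+version: 5.0.0
 - !ruby/object:Gem::Dependency
 name: bundler
 requirement: !ruby/object:Gem::Requirement
@@ -458,20 +458,6 @@ dependencies:
 - - '='
 - !ruby/object:Gem::Version
 version: 2.8.1
-- !ruby/object:Gem::Dependency
-name: mongo
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - '='
-- !ruby/object:Gem::Version
-version: 2.19.3
-type: :runtime
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - '='
-- !ruby/object:Gem::Version
-version: 2.19.3
 - !ruby/object:Gem::Dependency
 name: msfrpc-client
 requirement: !ruby/object:Gem::Requirement
@@ -800,14 +786,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 5.4.
+version: 5.4.3
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 5.4.
+version: 5.4.3
 - !ruby/object:Gem::Dependency
 name: rqrcode
 requirement: !ruby/object:Gem::Requirement
@@ -954,14 +940,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 2.
+version: 2.15.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 2.
+version: 2.15.0
 - !ruby/object:Gem::Dependency
 name: selenium-devtools
 requirement: !ruby/object:Gem::Requirement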